They come in different forms like:
- An application installed locally on a computer, telephone or tablet (see the picture).
- When using a webwallet the private keys are managed by a trusted third party. Some web based wallet providers use two-factor (like Google Authenticator) for extra security. In that case a keylogger is not enough for a hacker to steal your credentials and get access to the wallet.
- Cryptocurrency exchanges link the user’s wallet to their centrally managed wallet(s). For example: When trading bitcoins between users on the Kraken exchange the trades are written in their private ledger (off-chain transaction). Only when a user wants to enter with his cryptocurrency into the exchange or when he want to take his cryptocurrency out of the exchange, then the transaction is written onto the public bitcoin blockchain (on-chain transaction).
Full clients verify transactions directly on a local copy of more than 60GB of the blockchain, or a subset of the blockchain. Lightweight clients consult full clients.
An actual bitcoin transaction from a webbased cryptocurrency exchange to a hardware wallet.
They are considered the most secure, because the private keys never leave the physical wallet. They are created, live (transactions) and die (deleted) on the hardware wallet. If a hardware wallet uses a mnemonic sentence for backup then you should not electronically store the mnemonic sentence, but write it down and store in a physical different location(s). Storing the backup electronically lowers the security level to a software wallet level. Most hardware wallets, like LedgerWallet and Trezor, have models that require the user to physically press or touch the wallet in order to make a transaction. Worst case scenario is that a computer is infected with malware and the amount and destination address is altered by a hacker. The private keys remain safe. Some hardware wallets have a display where you have to enter a pin to open the wallet and where you can verify the transaction before executing it. When reading a mnemonic sentence from the physical display of the hardware wallet a screencapture of an infected computer will not reveal the mnemonic sentence.
With a multisignature (multisig) wallet multiple users have to sign (with their private key) for a transaction out of that wallet (public key address).
With a brain wallet someone remembers the information to regenerate the private and public key pair(s), like a mnemonic sentence.
Hot and cold wallet
Terms also used in the context of cryptocurrency wallets are hot and cold wallets. Hot wallets are connected to the internet while cold wallets are not. With a hot wallet you can spend your cryptocurrency at any time. A cold wallet has to be ‘connected’ to the internet first. As long as something is connected to the internet, it is vulnerable to an attack. The short version is that software wallets (where the device is turned on or the wallet software is running) are considered hot wallets. A (not connected) hardware wallet is considered a cold wallet.